Computer Security


µTorrent DoS
updated since 04.06.2007
Published:11.06.2007
Source:
SecurityVulns ID:7776
Type:remote
Threat Level:5/10
Description:A large number of empty lines causes a buffer overflow.
Affected:UTORRENT : µTorrent 1.6
Original document:Dj.r4iDeN_(at)_gmail.com, uTorrent overflow (04.06.2007)
Files:utorrentex.sh

CA multiple antiviral products buffer overflow
updated since 06.06.2007
Published:11.06.2007
Source:
SecurityVulns ID:7784
Type:remote
Threat Level:7/10
Description:Buffer overflow when parsing CAB archives.
CVE:CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.)
 CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.)
Original document:CA, [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities (11.06.2007)
 ZDI, [Full-disclosure] ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability (06.06.2007)
 ZDI, ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability (06.06.2007)

Multiple Symantec antiviral products Reporting Server code execution
updated since 06.06.2007
Published:11.06.2007
Source:
SecurityVulns ID:7785
Type:remote
Threat Level:7/10
Description:It is possible to spoof an executable report file. The password hash is leaked during a failed logon attempt.
Affected:SYMANTEC : Symantec AntiVirus 10.1
 SYMANTEC : Symantec Client Security 3.1
CVE:CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.)
 CVE-2007-3021 (Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.)
Original document:SYMANTEC, SYM07-011 Symantec Reporting Server password disclosure (11.06.2007)
 SYMANTEC, SYM07-012 Symantec Reporting Server elevation of privilege (06.06.2007)

Symantec ghost DoS
Published:11.06.2007
Source:
SecurityVulns ID:7786
Type:remote
Threat Level:5/10
Description:Crash when parsing UDP/1346 and UDP/1347 requests.
Affected:SYMANTEC : ghost 8.0
Original document:IDEFENSE, iDefense Security Advisory 06.05.07: Symantec Ghost Multiple Denial of Service Vulnerabilities (11.06.2007)

Alcatel-Lucent OmniPCX 7.0 VLAN information leak
Published:11.06.2007
Source:
SecurityVulns ID:7787
Type:m-i-t-m
Threat Level:5/10
Description:Broadcast and multicast packets cross VLAN boundaries.
Affected:LUCENT : OmniPCX Enterprise Release 7.0
CVE:CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.)
Original document:Oliver Goebel, RUS-CERT 2007-06:01 (1380): Insecure Defaults in A-L OmniPCX 7.0 (11.06.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:11.06.2007
Source:
SecurityVulns ID:7789
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:MYBLOGGIE : myBloggie 2.1
 WORDPRESS : WordPress 2.0
 PHPWEBTHINGS : phpWebThings 1.5
 WORDPRESS : WordPress 2.2
 LIGHTBLOG : Light Blog 4.1
 W1L3D4 : W1L3D4 WEBmarket 0.1
 ATOMPHOTOBLOG : Atom Photoblog 1.0
 WEBMASTER : Wms-CMS 2.0
 VSUPPORT : vSupport Integrated Ticket System 3.0
 CYNUX : PHPMyDesk 1.0
 ZENHELPDESK : Zen Help Desk 2.1
 AMERICANFINANCIN : Link Request Contact Form 3.4
 JFFNMS : jffnms 0.8
Original document:John Smith, [Full-disclosure] Wordpress default theme XSS (admin) and other problems (11.06.2007)
 titanichacker titanichacker, phpWebThings ==>1.5.2 RFI (11.06.2007)
 titanichacker titanichacker, Zen Help Desk ==> Version 2.1 Bypass/ (11.06.2007)
 titanichacker titanichacker, PHPMyDesk Beta Release 1.0b ==> RFI (11.06.2007)
 John Smith, Wordpress default theme XSS (admin) and other problems (11.06.2007)
 stormhacker_(at)_hotmail.com, vSupport Integrated Ticket System 3.*.* SQL injection (11.06.2007)
 yaser_(at)_gencturk.net, myBloggie 2.1.5 Remote File Include (11.06.2007)
 ls_(at)_calima.serapis.net, Atom PhotoBlog v1.0.9 XSS vulnerability (11.06.2007)
 glafkos_(at)_infosec.org.uk, WmsCMS <= 2.0 Multiple XSS Vulnerabilities (11.06.2007)
 Dj_ReMix_20_(at)_hotmail.com, W1L3D4 WEBmarket Remote SQL İnjection (11.06.2007)
 Dj_ReMix_20_(at)_hotmail.com, Hnkaray Duyuru Script Remote SQL İnjection (11.06.2007)
 Daniel Cid, Remote log injection on DenyHosts, Fail2ban and BlockHosts (11.06.2007)
 hack2prison_(at)_yahoo.com, ASP Folder Gallery Vulnerabilities (11.06.2007)
 ls_(at)_calima.serapis.net, Light Blog 4.1 XSS Vulnerability (11.06.2007)
 s0cratex_(at)_hotmail.com, Comicsense SQL Injection Advisory/Exploit (11.06.2007)

Microsoft Html Popup / Outlook Express Address Book ActiveX DoS
Published:11.06.2007
Source:
SecurityVulns ID:7790
Type:client
Threat Level:3/10
Description:Crash when displaying the element.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document:no-reply_(at)_yahoo.com, IE 6 / MS Office Outlook Express Address Book Activex DoS (11.06.2007)
 Hessam Salehi, IE 6/Microsoft Html Popup Window (mshtml.dll) DoS (11.06.2007)

sudo with Kerberos authentication privilege escalation
Published:11.06.2007
Source:
SecurityVulns ID:7791
Type:local
Threat Level:5/10
Description:sudo fails to check that granted tickets match the requested service, making it possible to use a fake Kerberos server.
Affected:SUDO : sudo 1.6
Original document:Thor Lancelot, MIT krb5: makes sudo authentication issue MUCH worse. (11.06.2007)
 Thor Lancelot, Sudo: local root compromise with krb5 enabled (11.06.2007)

Linux kernel multiple security vulnerabilities
Published:11.06.2007
Source:
SecurityVulns ID:7792
Type:library
Threat Level:6/10
Description:Kernel memory content leak in cpuset and setsockopt. Weak PRNG. Weak encryption key generation in GEODE-AES.
Affected:LINUX : kernel 2.6
CVE:CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.)
 CVE-2007-2453 (The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.)
 CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors.)
 CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer.)
Original document:IDEFENSE, iDefense Security Advisory 06.07.07: Linux Kernel cpuset tasks Information Disclosure Vulnerability (11.06.2007)
 UBUNTU, [USN-470-1] Linux kernel vulnerabilities (11.06.2007)

BlueCoat K9 Web Protection buffer overflow
Published:11.06.2007
Source:
SecurityVulns ID:7793
Type:client
Threat Level:5/10
Description:Buffer overflow when parsing a TCP/2372 request on the 127.0.0.1 interface.
Affected:BLUECOAT : K9 Web Protection 3.2
Original document:Dennis Rand, CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow (11.06.2007)

Packeteer PacketShaper DoS
Published:11.06.2007
Source:
SecurityVulns ID:7794
Type:local
Threat Level:5/10
Description:Reboot on a malformed Web interface request.
Affected:PACKETEER : PacketShaper 7.5
 PACKETEER : PacketShaper 7.3
Original document:nnposter_(at)_disclosed.not, Packeteer PacketShaper Web Management Denial of Service (11.06.2007)

Yahoo! Messenger WebCam ActiveX multiple buffer overflows
Published:11.06.2007
Source:
SecurityVulns ID:7795
Type:client
Threat Level:7/10
Description:A few buffer overflows in the Ywcvwr.dll library.
Affected:YAHOO : Yahoo Messenger 8.1
Original document:EEYE, EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows (11.06.2007)
Files:Yahoo 0day ActiveX Webcam Exploit
 2nd Yahoo 0day ActiveX Exploit
 Yahoo 0day Ywcupl.dll ActiveX Exploit Download And Exec
 Yahoo 0day Ywcvwr.dll ActiveX Exploit #2 Download And Exec

SafeNET High Assurance Remote / SoftRemote DoS
Published:11.06.2007
Source:
SecurityVulns ID:7796
Type:remote
Threat Level:5/10
Description:Infinite loop when parsing IPv6.
Affected:SAFENET : SoftRemote 10.4
 SAFENET : HighAssurance Remote 10.4
Original document:mu-b, [Full-disclosure] SafeNET High Assurance Remote/SoftRemote (IPSecDrv.sys) remote DoS (11.06.2007)

Microsoft Windows GDI+ library DoS
updated since 11.06.2007
Published:12.06.2007
Source:
SecurityVulns ID:7788
Type:library
Threat Level:5/10
Description:Division by zero when parsing .ICO files.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
Original document:H D Moore, Re: GDI+ and Internet Explorer question (12.06.2007)
 Dennis Rand, CSIS Advisory: Microsoft GDI+ Integer division by zero flaw handling .ICO files (11.06.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod